CVEdetails.com the ultimate security vulnerability data source

VMware : Security Vulnerabilities

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2022-38652 502 2022-11-12 2022-11-16
0.0
None ??? ??? ??? ??? ??? ???
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2 CVE-2022-38651 Bypass 2022-11-12 2022-11-16
0.0
None ??? ??? ??? ??? ??? ???
** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
3 CVE-2022-38650 502 2022-11-12 2022-11-16
0.0
None ??? ??? ??? ??? ??? ???
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
4 CVE-2022-31692 863 Bypass 2022-10-31 2022-11-02
0.0
None ??? ??? ??? ??? ??? ???
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint. The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).
5 CVE-2022-31691 94 Exec Code 2022-11-04 2022-11-14
0.0
None ??? ??? ??? ??? ??? ???
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
6 CVE-2022-31690 269 2022-10-31 2022-11-02
0.0
None ??? ??? ??? ??? ??? ???
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
7 CVE-2022-31689 384 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
8 CVE-2022-31688 79 XSS 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
9 CVE-2022-31687 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
10 CVE-2022-31686 287 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
11 CVE-2022-31685 306 Bypass 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
12 CVE-2022-31682 2022-10-11 2022-10-13
0.0
None ??? ??? ??? ??? ??? ???
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
13 CVE-2022-31681 476 DoS 2022-10-07 2022-10-11
0.0
None ??? ??? ??? ??? ??? ???
VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the host.
14 CVE-2022-31680 502 Exec Code 2022-10-07 2022-10-11
0.0
None ??? ??? ??? ??? ??? ???
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
15 CVE-2022-31679 2022-09-21 2022-09-22
0.0
None ??? ??? ??? ??? ??? ???
In applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, an attacker who knows about the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.
16 CVE-2022-31678 611 2022-10-28 2022-10-31
0.0
None ??? ??? ??? ??? ??? ???
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
17 CVE-2022-31677 613 2022-08-29 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
18 CVE-2022-31675 863 Bypass 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
19 CVE-2022-31674 532 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
20 CVE-2022-31673 668 Exec Code +Info 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
21 CVE-2022-31672 269 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
22 CVE-2022-31655 79 XSS 2022-07-12 2022-07-16
3.5
None Remote Medium ??? None Partial None
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
23 CVE-2022-31654 79 XSS 2022-07-12 2022-07-16
3.5
None Remote Medium ??? None Partial None
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
24 CVE-2022-31008 330 2022-10-06 2022-11-07
0.0
None ??? ??? ??? ??? ??? ???
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed, and patched versions `3.10.2`, `3.9.18`, and `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
25 CVE-2022-29901 668 Exec Code Bypass 2022-07-12 2022-10-26
1.9
None Local Medium Not required Partial None None
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
26 CVE-2022-27772 668 2022-03-30 2022-04-07
4.6
None Local Low Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
27 CVE-2022-23825 668 2022-07-14 2022-11-10
2.1
None Local Low Not required Partial None None
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
28 CVE-2022-22983 522 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
29 CVE-2022-22982 918 2022-07-13 2022-07-20
0.0
None ??? ??? ??? ??? ??? ???
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
30 CVE-2022-22980 917 2022-06-23 2022-06-30
6.8
None Remote Medium Not required Partial Partial Partial
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
31 CVE-2022-22979 770 2022-06-21 2022-06-28
5.0
None Remote Low Not required None None Partial
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
32 CVE-2022-22976 190 Overflow 2022-05-19 2022-07-25
4.3
None Remote Medium Not required Partial None None
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
33 CVE-2022-22975 74 2022-05-11 2022-05-19
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
34 CVE-2022-22971 770 DoS 2022-05-12 2022-10-05
4.0
None Remote Low ??? None None Partial
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
35 CVE-2022-22970 770 2022-05-12 2022-10-07
3.5
None Remote Medium ??? None None Partial
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
36 CVE-2022-22968 178 2022-04-14 2022-10-19
5.0
None Remote Low Not required None Partial None
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
37 CVE-2022-22966 Exec Code +Priv 2022-04-14 2022-04-22
6.5
None Remote Low ??? Partial Partial Partial
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
38 CVE-2022-22953 200 +Info 2022-06-16 2022-06-27
4.0
None Remote Low ??? Partial None None
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
39 CVE-2022-22950 770 DoS 2022-04-01 2022-06-22
4.0
None Remote Low ??? None None Partial
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
40 CVE-2022-22948 276 2022-03-29 2022-04-08
4.0
None Remote Low ??? Partial None None
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
41 CVE-2022-22947 94 Exec Code 2022-03-03 2022-10-28
6.8
None Remote Medium Not required Partial Partial Partial
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
42 CVE-2022-22946 295 2022-03-04 2022-07-25
2.1
None Local Low Not required None Partial None
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
43 CVE-2022-22944 79 XSS 2022-03-02 2022-03-09
3.5
None Remote Medium ??? None Partial None
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
44 CVE-2022-22939 532 2022-02-04 2022-02-10
4.0
None Remote Low ??? Partial None None
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
45 CVE-2022-22938 2022-01-28 2022-02-04
2.1
None Local Low Not required None None Partial
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
46 CVE-2022-21166 459 2022-06-15 2022-08-19
2.1
None Local Low Not required Partial None None
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
47 CVE-2022-21125 459 2022-06-15 2022-08-19
2.1
None Local Low Not required Partial None None
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
48 CVE-2022-21123 459 2022-06-15 2022-08-19
2.1
None Local Low Not required Partial None None
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
49 CVE-2021-32719 79 Exec Code XSS 2021-06-28 2021-07-02
3.5
None Remote Medium ??? None Partial None
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
50 CVE-2021-32718 79 Exec Code XSS 2021-06-28 2021-12-10
3.5
None Remote Medium ??? None Partial None
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable the `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
Total number of vulnerabilities: 447. Page 1 of 9.